When we are talking about storing (i.e. overlaying) programs (trojans) on the
stack space, then only hardware protection can really help. One would need
to come to a model where instructions cannot be executed from the stack.
One can achieve this in S/390, by making the stack space a separate space,
which is only addressable thru an access register (like an MVS data space).
This way instructions can never be executed from the stack space, however, I
am afraid that such an implementation would break a few things.

Jan Jaeger.






From: Ross Patterson <[EMAIL PROTECTED]>
Reply-To: Linux on 390 Port <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Probably the first published shell code example for Linux/390
Date: Thu, 31 Oct 2002 18:33:57 -0500

At 13:10 10/31/2002 -0600, Ward, Garry wrote:
> push something to the stack, decrement the address, and if you've gone
> negative, you've gone too far?

Sure, and the same is true of upwards-growing stacks (only in the other
direction, natch).  The issue isn't accidental stack overflow.

The difference is in the impact of storage overlays - if your stack grows
down, the memory above the current stack frame is your caller's.  If your
stack grows up, the memory above it is your callee's.  Now imagine storing
1000 bytes into a 10-byte buffer on the stack (the classic
shellcode-insertion hack).  In the grows-down case, you overlay some active
memory including possibly the savearea containing the registers you're
going to reload when you hit the "return" statement.  In the grows-up case,
you overlay some inactive memory.

> sorry, PC assembler is a long time past, but I vaguely remember the
> argument being made that top down stacking was easier to manage.

That's true on platforms that actually have stacks (sometimes).  The 8080
and its descendants do, and Intel chose to grow them downwards.  It's a
design issue, just like little-endian-ness, and IMHO just as wrong.
:-)  S/390 doesn't have a general-purpose hardware stack, so it's a matter
of implementation preference.

Ross Patterson
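
Added example, not part of the original thread: a small C model of the overlay described in the quoted message, counting how many bytes of live register save areas a 1000-byte store into a 10-byte stack buffer hits for each growth direction. The frame sizes and layout are constructed rather than taken from a real ABI, and the `buf_in_caller` case goes beyond the message by placing the buffer in the caller's frame instead of the running function's.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed layout, not a real ABI: each frame is FRAME bytes and holds a
 * SAVE-byte register save area plus locals; the buffer is BUF bytes. */
#define ARENA 4096
#define FRAME 64
#define SAVE  16
#define BUF   10

/* Count bytes of live save areas hit when write_len bytes are stored, at
 * ascending addresses, into a BUF-byte buffer. buf_in_caller selects whether
 * the buffer belongs to the running function or to its caller. */
size_t clobbered_save_bytes(int grows_down, int buf_in_caller, size_t write_len)
{
    unsigned char live_save[ARENA] = {0};   /* 1 = byte of a live save area */
    size_t caller = ARENA / 2;
    size_t cur = grows_down ? caller - FRAME : caller + FRAME;
    /* Grows down: save area at the top of each frame, locals beneath it.
     * Grows up: save area at the bottom, locals above it. */
    size_t save_off = grows_down ? FRAME - SAVE : 0;
    size_t buf_off  = grows_down ? FRAME - SAVE - BUF : SAVE;
    size_t buf = (buf_in_caller ? caller : cur) + buf_off;
    size_t i, hit = 0;

    for (i = 0; i < SAVE; i++) {
        live_save[caller + save_off + i] = 1;
        live_save[cur + save_off + i] = 1;
    }
    /* The store itself is only simulated: tally what it would overlay. */
    for (i = 0; i < write_len && buf + i < ARENA; i++)
        hit += live_save[buf + i];
    return hit;
}

int main(void)
{
    printf("down, own buffer:      %zu\n", clobbered_save_bytes(1, 0, 1000));
    printf("up,   own buffer:      %zu\n", clobbered_save_bytes(0, 0, 1000));
    printf("up,   caller's buffer: %zu\n", clobbered_save_bytes(0, 1, 1000));
    return 0;
}
```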
